Reducing certificate revocation lists at access points in a wireless access network

ABSTRACT

The certificate revocation lists at access points of a wireless access network can be reduced. In one embodiment, an Internet Service Provider (“ISP”) connected to the wireless access network can receive a subscription request from a user terminal capable of accessing the ISP using the wireless access network. When the ISP assigns a subscription identifier to the user terminal, it also provides a service certificate signed by a certificate authority including the subscription identifier. In addition, the ISP also provides the user terminal one or more session certificates to be used to access the wireless access network, where the session certificates have a shorter validity period than the service certificate.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention applies to the field of hardware authentication, in particular to terminal authentication in a wireless network.

2. Description of the Prior Art

Hardware authentication, also sometimes referred to as entity authentication, is the process of verifying a claimed or presumed identity. In the context of a wireless access network, hardware authentication is used to verify that an entity is indeed the entity it is claiming to be. For example, a hardware authentication can verify that a terminal claiming to have a certain MAC address really has the claimed MAC address. Without hardware authentication, unauthorized user terminals could steal the resources of the wireless access network, and uplink and downlink communications between legitimate user terminals and access points may be intercepted and eavesdropped.

Hardware authentication in wireless networks is currently accomplished by time varying challenge-response protocols. In a typical challenge-response protocol a claimant proves its identity to a verifier by demonstrating knowledge of a secret known to be associated with the claimant.

One problem with challenge-response protocols is that the verifier needs access to a secure database to identify the secret the claimant should have. Furthermore, such protocols require several message exchanges and on-the-fly encryption that can slow down network access.

BRIEF SUMMARY OF THE INVENTION

The certificate revocation lists at access points of a wireless access network can be reduced. In one embodiment, an Internet Service Provider (“ISP”) connected to the wireless access network can receive a subscription request from a user terminal capable of accessing the ISP using the wireless access network. When the ISP assigns a subscription identifier to the user terminal, it also provides a service certificate signed by a certificate authority including the subscription identifier. In addition, the ISP also provides the user terminal one or more session certificates to be used to access the wireless access network, where the session certificates have a shorter validity period than the service certificate.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings in which like reference numerals refer to similar elements and in which:

FIG. 1 is a simplified block diagram of a wireless access network in which one embodiment of the present invention can be practiced;

FIG. 2 is a simplified flow chart of an authentication protocol according to one embodiment of the present invention;

FIG. 3 is a simplified flow chart of identity certificate based authentication according to one embodiment of the present invention;

FIG. 4 is a simplified flow chart of service certificate downloading according to one embodiment of the present invention;

FIG. 5 is a simplified flow chart of session certificate granting according to one embodiment of the present invention;

FIG. 6 is a simplified block diagram of an access point on which an embodiment of the invention can be implemented; and

FIG. 7 is a simplified block diagram of a user terminal on which an embodiment of the invention can be implemented.

DETAILED DESCRIPTION OF THE INVENTION

Wireless Access Network

An example system that can implement embodiments of the present invention is now described with reference to FIG. 1. FIG. 1 shows a wireless access network 100. The wireless access network can be used to provide access to the Internet 102, or any other data network, such as a LAN or WAN.

The wireless access network 100 includes wireless access points 104 (“AP”) to allow end user devices 106 (“EUD”) to communicate using wireless user terminals 108 (“UT”). An EUD 106 is generally a mobile computing device, such as a laptop or notebook computer, a personal digital assistant (“PDA”), or a cellular telephone. However, an EUD 106 can be any other computing device, such as a desktop computer or a workstation.

A UT 108 can be implemented as a stand-alone unit, such as a PCMCIA card or box, or be integrated into the body of the EUD 106. One UT 108 can provide communications for just one EUD 106 or a group of EUDs 106. The UT 108 is a communications device analogous to a modem. The UT 108 can be responsible for radio communications and physical layer signal processing. Higher level processing can be performed by either the UT 108 or a host EUD 106.

The UT 108 communicates wirelessly, e.g. using radio signals, with an AP 104. An AP can be a cellular base station, an 802.11 access point, or other wireless system access point, such as an i-Burst™ base station. Multiple APs can be connected by a switch 110 or router to centralize the connection to an Internet Service Provider (“ISP”) 112 and to facilitate handoffs when a UT 108 moves from one AP 104 zone into another.

The ISP, such as America Online, Prodigy, and SBC among others, facilitates access to the Internet 102. Users of the EUDs 106 subscribe to Internet service with the ISP 112. The Wireless Access Network 100 allows these users to access the Internet 102 wirelessly.

In one embodiment, the switch 110 is also coupled with a management server (“MS”) 114. The MS 114 can perform various network management functions, such as service authorization, statistics gathering, and over-the-air configuration for UTs 108.

FIG. 1 is a highly simplified diagram. In a real life network there could be a hierarchy of switches 110 and hubs connecting thousands of APs 104 with a variety of ISPs 112. Furthermore, embodiments of the present invention need not be practiced in a strict wireless access network context. For example, one embodiment of the present invention may be in a wireless peer-to-peer network. During authentication, however, one peer will be acting as an AP 104 and the other as the UT 108 of a wireless access network.

Authentication Protocol

An example authentication protocol in which embodiments of the present invention can be used is shown in FIG. 2. FIG. 2 also contains details not necessary to practice the present invention that are provided for clarity and context. The process and message exchange described with reference to FIG. 2 is mostly related to UT 108 authentication. However, the process can also result in AP 104 authentication and the exchange of a shared secret to be used later for encryption.

When a UT 108 arrives in the coverage area of an AP 104 it begins the registration process. Registration is a relationship that enables the UT 108 to exchange communications streams with the AP 104. The authentication protocol described with reference to FIG. 2 is a part of the registration process.

Since the authentication protocol described with reference to FIG. 2 is certificate-based, before registration begins the UT 108 and the AP 104 are each assigned at least one digital certificate from one or more trusted entities, such as certificate authorities (“CA”). A digital certificate is a text message that is signed by the CA. The signature may be a digest of the text message encrypted with a CA private key that only the CA has access to, but that can be verified by any entity which knows the CA public key which is openly available.

To verify a certificate, one decrypts the signature with the published CA public key and computes the digest from the text message. If these two text strings match, then the certificate was indeed signed by the CA. There are commercial CAs, such as VeriSign, Inc., or a network operator can create its own CAs. Public key cryptography and its use to create and verify digital certificates is well known.

In one embodiment, the UT 108 has no independent time reference and receives its sense of time from the AP 104. For example, the AP 104 can include an absolute frame number in a broadcast burst or some communication addressed to the UT 104.

The authentication protocol can begin when the UT 104 receives the AP certificate in block 202. The AP certificate can include an identity of the AP 104, such as a media access control (MAC) address of the AP 104, which identifies the AP 104 either uniquely or network-wide. The certificate also includes the AP public key that corresponds with the private key of the AP 104. The AP 104 may use different public/private key pairs for different UTs 108. As explained above, the AP certificate is signed by a CA trusted by the UT 108.

In block 204, the UT 108 generates a shared secret. This shared secret is only known by the UT 108 at this point and will only be shared with the AP 104. The shared secret can be generated as a random sequence using a random number sequence generator. In one embodiment, at least a part of this shared secret will later be used as a master secret to encrypt communications between the UT 108 and the AP 104 using symmetric key cryptography. The necessity of establishing such a secret for symmetric key cryptography is well known.

In block 206, the UT 108 generates an authenticator string. One key purpose of the authenticator string is to demonstrate that the UT 108 is in possession of the UT private key corresponding to the UT public key contained in the UT certificate. Since the CA certifies that the public key belongs to the UT 108, any device having the corresponding private key is the authentic UT 108.

There are numerous possible authenticator strings that can demonstrate possession of the UT private key. For example, the UT can encrypt a part of the shared secret with the private key. In one embodiment, the UT 108 can generate an authenticator message and sign it with the UT private key. If the AP 104 can independently generate the authenticator message, the authenticator string can be the signature only.

In block 208, the UT 108 scrambles the UT certificate given to it by the CA. The UT certificate includes an identifier of the UT 108, such as its MAC address, and a public key associated with the private key used to sign the authenticator string. The certificate can include various other data fields containing information about the UT 108. One reason for scrambling the UT certificate is to hide the UT identifier. This makes tracking the UT 108 difficult.

In one embodiment, the UT certificate is scrambled using at least a part of the shared secret. In one embodiment, the bits of the shared secret that are used for scrambling are not reused for symmetric key cryptography later on. For example, the designated scrambling bits of the shared secret can be used to seed a linear feedback shift register whose output can be used to scramble the UT certificate. In one embodiment, the bits generated by the linear feedback shift register are XOR-ed with the bits of the UT certificate.
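The scrambling step of block 208, and its inverse in block 220, can be sketched as follows. This is an added example, not code from the patent: the 32-bit register width, the tap polynomial, the choice of the first four secret bytes as the scrambling bits, and the certificate bytes are all assumptions made for illustration.

```python
import secrets

# Assumptions (the page fixes none of these): a 32-bit Galois LFSR with
# taps x^32 + x^22 + x^2 + x + 1, seeded from the first 4 secret bytes.
LFSR_TAPS = 0x80200003
SCRAMBLE_BYTES = 4


def split_secret(shared_secret: bytes):
    """Partition the secret so the scrambling bits are never reused as key."""
    if len(shared_secret) <= SCRAMBLE_BYTES:
        raise ValueError("shared secret too short to partition")
    seed = int.from_bytes(shared_secret[:SCRAMBLE_BYTES], "big")
    master = shared_secret[SCRAMBLE_BYTES:]  # reserved for symmetric crypto
    return seed, master


def lfsr_keystream(seed: int, nbytes: int) -> bytes:
    """Clock the LFSR 8 times per output byte, collecting the shifted-out bit."""
    state = seed & 0xFFFFFFFF
    if state == 0:
        # The all-zero state never advances; map it to a fixed non-zero one.
        state = 1
    out = bytearray()
    for _ in range(nbytes):
        byte = 0
        for _ in range(8):
            bit = state & 1
            state >>= 1
            if bit:
                state ^= LFSR_TAPS
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


def scramble(cert: bytes, shared_secret: bytes) -> bytes:
    """XOR the certificate with the LFSR output (block 208)."""
    seed, _master = split_secret(shared_secret)
    keystream = lfsr_keystream(seed, len(cert))
    return bytes(c ^ k for c, k in zip(cert, keystream))


# XOR is its own inverse, so the AP runs the same routine in block 220
# once it has decrypted the shared secret with its private key.
unscramble = scramble


def demo():
    shared_secret = secrets.token_bytes(20)  # block 204: random sequence
    # Constructed stand-in for a signed UT certificate.
    cert = b"type=Identity;ut_serial=00:11:22:33:44:55;pubkey=<constructed>"
    wire = scramble(cert, shared_secret)
    return cert, wire, unscramble(wire, shared_secret)
```

An LFSR is linear, so this hides the UT identifier from a passive observer but is not a cipher; the symmetric encryption of later traffic uses the separate master portion of the secret.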

In block 210, the UT 108 encrypts the shared secret generated in block 204 with the AP public key contained in the AP certificate received in block 202. In one embodiment, the UT also generates a timestamp in block 212. The timestamp represents time as known by the UT 108. In one embodiment, the UT 108 derives its sense of time from the AP 104 as explained above.

In block 214, the UT 108 sends a message to the AP 104 that the AP 104 can use to authenticate the UT 108. In one embodiment, the message includes the shared secret generated in block 204 and encrypted in block 210, the UT certificate issued by the CA and scrambled in block 208, and the authenticator string generated in block 206. Furthermore, the message can also include the timestamp generated in block 212 to protect against replay attacks.

In one embodiment, the message is a UT parameters message, which in addition to the above, also includes a variety of other information, some of which may be encrypted with the AP public key. For example, the UT parameters message can also include such parameters of the UT 108 as the communication capabilities and preferences of the UT 108.

The ordering of the blocks in FIG. 2 represents merely one embodiment, and is in no way limiting. In some embodiments, several values to be included in the UT parameters message can be pre-calculated. Some blocks will thus be performed in different orders. Other blocks can be completely omitted. For example, if the UT 108 already has a trusted time reference, e.g. when the UT 108 already has the time from an authenticated AP 104, block 226 and perhaps block 212 may be omitted. Furthermore, the UT 108 may have a stored copy of the AP certificate from a prior registration. In this case block 202 may have been already performed. In one embodiment, the UT 108 stores AP certificates, or at least AP public keys, for several frequently accessed APs 104.

In one embodiment, the UT 108 generates the shared secret in block 204 before registration even begins. In other embodiments, multiple shared secrets can be generated to be used for different access points 104. In one embodiment, the UT 108 generates the shared secret, block 204, and encrypts it with several stored AP public keys stored in memory, block 210, before ever receiving the AP certificate in block 202. Furthermore, once the shared secret is generated, block 204, it can be used to scramble the UT certificate, block 208, before registration even begins, and certainly before receiving the AP certificate in block 202. In other embodiments, the authenticator string can be generated in block 206 prior to receiving the AP certificate in block 202.

As demonstrated above, the blocks of FIG. 2 that are performed by the UT 108 can be performed in various orders, and the invention is not limited to any specific event flow. Various values may be pre-calculated before registration begins, or while awaiting a protocol response from the AP 104. Furthermore, some blocks may be performed in parallel, while others may simply be switched. Pre-calculating values and speculatively encrypting the shared secret by guessing the AP identity and public key can further increase the speed and efficiency of the authentication protocol.

Referring again to FIG. 2, in block 216, the AP 104 receives the UT parameters message sent by the UT 108. In block 218, the AP uses its private key to decrypt the shared secret. After the AP is in possession of the shared secret, in block 220, the AP can unscramble the UT certificate. Since at least a part of the shared secret was used in scrambling the UT certificate, only the AP 104 can unscramble it, since only the AP 104 has the AP private key necessary to decrypt the shared secret.

In block 222, the AP verifies the UT certificate by checking the CA signature and any validity period associated with the UT certificate. The UT certificate, as explained above, contains the UT public key, and the CA signature assures that this UT public key is assigned to a UT having the identifier, e.g., MAC address, also included in the UT certificate.

In block 224, the AP 104 authenticates the UT 108. This can be accomplished by using the authenticator string to verify that the UT 104 is in possession of the UT private key corresponding to the UT public key in the UT certificate. In one embodiment, the authenticator string is the UT signature over an authenticator message. The UT signature can be a digest, i.e. hash, of the authenticator message encrypted with the UT private key. Other digital signatures are also possible, such as encrypting the entire authenticator message, or a part thereof, with the UT private key.

In one embodiment, the AP 104 can generate the authenticator message and the authenticator message digest independently. In this case, the AP 104 decrypts the authenticator string with the UT public key, generates a digest of the authenticator message, and compares the decrypted authenticator string to the independently generated authenticator message digest. In this manner, the AP 104 can verify that the UT 108 is in possession of the UT private key paired with the UT public key in the UT certificate.

In one embodiment, the UT 108 can also request time certification. In such an embodiment, the UT's 108 sense of time is derived from the AP 104 when the UT powers up. Thus, at least when a cold-start is performed but in other situations as well, an unauthorized AP could use an expired certificate and give a UT a false time reference that makes the certificate appear valid. To mitigate this problem, the UT 108 can ask the AP 108 to certify the timestamp generated by the UT 104 in block 212.

If the UT 108 requests time verification, in block 226, the AP can certify the timestamp. The timestamp can be included in the UT parameters message as a protection against replay attacks, but it can also be used for time certification. In one embodiment, the AP 104 performs time certification in block 226 by forwarding the timestamp to a trusted time server (“TS”). The TS is trusted by the UT 108, and can be a CA, or any server known to be operated by the network operator or some other trusted entity.

In one embodiment, the TS certifies the timestamp and sends it back to the AP 104, which in turn forwards it on to the UT 108. In one embodiment, in block 228, the AP 104 sends a registration parameters message to the UT 108 including various registration parameters—such as random access channels, a paging identifier, and a registration identifier—and the certified timestamp is included in this message. In other embodiments, the TS may communicate the certification directly to the UT 108, or by some other means besides the AP 104.

According to one embodiment described with reference to FIG. 2, the AP 104 can authenticate the UT 108 using a single message from the UT 108. In one embodiment, all further communication between the UT 108 and the AP 104 is encrypted using the shared secret, or a part of it, for symmetric cryptography. In this case, when the AP 104 sends the registration message in block 228, the AP 104 is implicitly authenticated, since only the AP possessing the AP private key has the shared secret outside of the UT 108.

User Terminal Certificates

The UT certificate signed by the CA that the UT 108 presents to the AP 104 during the authentication procedure has been described above in some detail. In one embodiment, there can be various different UT certificates used at different times. In one embodiment, the original UT certificate possessed by a UT 108 can be called the identity certificate.

In one embodiment, the identity certificate is tied to the hardware of the UT 108. One hardware identifier of the UT 108 is its serial number. More specifically, the hardware of a UT 108 is uniquely identified by its Ethernet address, or its hardware identity according to some other global addressing system. In one embodiment, this unique hardware identity, such as the serial number, is included in the plaintext of the identity certificate. An example identity certificate can contain fields such as:

1. Certificate Authority Identifier—Identifies the CA to be used to authenticate.
2. Certificate Type—Specifies certificate type, such as “Identity”.
3. Serial Number of Certificate—Value assigned by the CA that within a certificate validity period uniquely identifies any certificate issued by that CA.
4. Validity Period—Sets expiration time.
5. UT Serial Number—Hardware address that identifies the UT that owns the certificate. For example, this is formatted as the IEEE Ethernet MAC address of the UT.
6. UT Public Identity Key—The public key used to send encrypted messages to the UT.

Field 5 of this example identity certificate ties the certificate to the hardware of the UT 108. Such an identity certificate is unique, and can thus prevent cloning of—unauthorized masquerading as—the UT 108 having the identity certificate. Furthermore, because the identity certificate requires no knowledge about the ISP 112 subscribed to by the user of the EUD 106, or the wireless access network 100 to be used to access the ISP 112, the identity certificate can be factory seeded into the UT 108 by the UT's manufacturer. As such, it can be used for initial authentication.

Such an authentication is described with reference to FIG. 3. In block 310, the UT 108 is seeded with an identity certificate that is tied to the UT hardware on manufacture. Seeding the identity certificate can be accomplished by storing the certificate, signed by the CA, in a main or secure memory of the UT 108.

In block 320, the identity certificate is sent to the AP 104 from the UT 108, for example as part of the message sent in block 214 of FIG. 2. The AP 104 then authenticates the UT 108 in block 330 using the identity certificate as the UT certificate, as described with reference to block 222 of FIG. 2. In this manner, the AP 104 can authenticate UTs 108 regardless of manufacturer or service provider, enabling the UTs 108 to globally roam to any network that trusts the CA.

Another type of UT certificate can be called a service certificate. In one embodiment, the service certificate is obtained in addition to the identity certificate. In other embodiments it can be the exclusive UT certificate. The service certificate is also signed by a CA, and can be issued to the UT 108 from the ISP 112.

The service certificate includes the subscription identifier of the UT 108 that corresponds to its subscription with the ISP 112. An example service certificate can contain, in addition to the fields of the identity certificate shown above, a field including the International Mobile Service Identifier (IMSI) of the UT 108, as assigned by the ISP 112. Other identifiers can also be used.

In one embodiment, the service certificate indicates the quality—or grade—of service granted to the UT 108 by the subscription. For example, if a user of an EUD 206 connecting to the ISP 112 using a UT 108 chooses to subscribe to one high-speed data and one voice session, a code representing this grade of service can be included in the service certificate, either in the same field as the subscription identifier, or in a separate field.

Since the subscription identifier and the grade of service are not known at manufacture of the UT 108, they need to be downloaded at a later time. In one embodiment, this is done using the identity certificate, or some other factory seeded UT certificate. One embodiment of such a process is described with reference to FIG. 4. In block 410, the AP 104 receives the factory seeded certificate—for example the identity certificate—from a UT 108 that is registering for the first time, or that has no current subscription.

In block 420, the UT 108 is authenticated in a manner similar to that described above with reference to block 330 of FIG. 3. In one embodiment, the use of the factory-seeded certificate alerts the AP 104 or the MS 114 that the network access is an initial sign-in. As such, the UT 108 can be directed to a subscription service, such as ISP 112. Thus, in block 430, the AP 104 allows the connection between the UT 108 and the ISP 112.

After the user exchanges subscription information with the ISP 112, for example, a selected level of service and a credit card number, the ISP 112 uses the certificate it received from the UT 108 to create a service certificate for the UT 108. To do this, the ISP 112 assigns a subscription identifier, such as an IMSI, to the UT 108. Furthermore, the ISP 112 can also assign a code representing the grade of service of the subscription to the UT 108. These values are added to the plaintext of the new certificate, which is then signed by a CA trusted by the ISP 112.

In block 440, this new certificate—the service certificate—is sent from the ISP 112 to the AP 104 facilitating the initial connection. In block 450, the AP 104 forwards the service certificate to the UT 108, which stores it in a memory for future authentications. Using the service certificate, the UT 108 can authenticate itself to the AP 104 and the ISP 112 in a single communication. Furthermore, the AP 104 can tell what quality of service it should provide to the UT 108 based on the service certificate. This would otherwise not be possible with a factory-seeded certificate.

In a certificate-based authentication scheme, the access network 100 must keep a certificate revocation list (CRL) at various nodes—such as the APs 104, switches 110, or MSs 114—to keep track of certificates that have not yet expired, but have become invalid. For example, if the user of a UT 108 allows his subscription to lapse, his downloaded service certificate will have to be revoked, even though its validity period has not expired. Therefore, the longer the validity periods of the service certificates, the longer the CRLs need to be.

Since CRLs consume physical resources, such as memory, and computational resources, such as search, it is desirable to keep CRLs shorter rather than longer. However, keeping the CRLs short by reducing the validity periods of the service certificates would require the frequent downloading of service certificates using the process described with reference to FIG. 4. That would mean that each time the service certificate expired—which, to keep the CRLs short would be several times a day—a new subscription, or a verification of the subscription, would be required.

The CRLs at the APs 104 can be reduced without shortening the validity period of the service certificate, according to some embodiments of the present invention. In one embodiment, the UT 108 is assigned one or more session certificates by the ISP 112, depending on the number of authorized sessions a UT 108 is allowed to maintain simultaneously. A session certificate can include, in addition to the other fields of the service certificate, a session identifier associated with a session to be had by the UT 108. For example, the session identifier can uniquely identify a Point to Point Protocol (PPP) Session within the UT 108.

One embodiment of authentication using the session certificates is described with reference to FIG. 5. In block 510, the ISP 112 receives the initial subscription request from a new user. In block 520, the subscription is granted. In this example, the grade of service is two concurrent sessions, one for high-speed data, and one for Voice Over IP (VoIP). In block 530, the ISP 112 assigns the subscription identifier to the UT 108, and generates and delivers the service certificate to the UT 108.

In addition to the service certificate, in block 540, the ISP 112 also provides two session certificates, one for each allowed session, each having a unique session identifier. The session certificates have shorter validity periods than the service certificate.

In one embodiment, each session certificate is only valid for a single session. Having a session certificate, among other things, helps prevent session theft during handover, since each authorized session must be authenticated by a certificate.

When the UT 108 requests more session certificates, e.g., because they have expired, the UT provides the ISP 112 with the service certificate. In block 550, the ISP 112 determines whether the service certificate is valid by checking the CRL in the ISP 112 management entity. If it is still valid, then the ISP 112 creates new session certificates and provides them to the UT, as in block 540.

If the service certificate is not valid because it has been revoked, then the ISP 112 denies service to the UT 108 in block 560. The UT 108 can then be prompted to produce the identity certificate to be authenticated and granted a new subscription. Thus, when a potentially lengthy CRL—the one for the service certificates—needs to be examined, the search is performed by the ISP 112. Most of the time, the APs 104 only have to search the relatively short session certificate CRLs when authenticating a UT 108.
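The split between the long service-certificate CRL at the ISP and the short session-certificate CRL at the AP (blocks 520 to 560) can be modelled as below. This is an added example, not code from the patent: CA signatures are left out so the revocation logic stays visible, and the validity periods, the rule that a lapsed subscription pushes its unexpired session certificates onto the AP's CRL, and the pruning of expired entries are assumptions of the model.

```python
from dataclasses import dataclass
from itertools import count
from typing import Optional

HOUR, DAY = 3600, 86400
SERVICE_VALIDITY = 365 * DAY   # assumed; the page gives no figure
SESSION_VALIDITY = 4 * HOUR    # assumed; only "shorter" is stated


@dataclass(frozen=True)
class Cert:
    serial: int
    kind: str                  # "service" or "session"
    subscription_id: str
    not_after: int             # expiry, in seconds on the simulated clock
    session_id: Optional[int] = None


class CRL:
    """Serials of revoked certificates that have not yet expired."""

    def __init__(self):
        self._expiry = {}      # serial -> not_after of the revoked cert

    def revoke(self, cert):
        self._expiry[cert.serial] = cert.not_after

    def prune(self, now):
        # An expired certificate already fails the validity-period check,
        # so its CRL entry can be dropped.
        self._expiry = {s: t for s, t in self._expiry.items() if t > now}

    def __contains__(self, serial):
        return serial in self._expiry

    def __len__(self):
        return len(self._expiry)


class AccessPoint:
    def __init__(self):
        self.session_crl = CRL()

    def admit(self, cert, now):
        """Validity-period check plus a lookup in the short session CRL."""
        self.session_crl.prune(now)
        return (cert.kind == "session" and now < cert.not_after
                and cert.serial not in self.session_crl)


class ISP:
    def __init__(self, ap, sessions_per_sub=2):
        self.ap, self.n = ap, sessions_per_sub
        self.service_crl = CRL()
        self._serial = count(1)
        self._live = {}        # subscription_id -> outstanding session certs

    def subscribe(self, sub_id, now):
        """Blocks 520-540: service certificate plus session certificates."""
        svc = Cert(next(self._serial), "service", sub_id,
                   now + SERVICE_VALIDITY)
        return svc, self.renew(svc, now)

    def renew(self, svc, now):
        """Block 550: the long CRL is searched here, not at the AP."""
        self.service_crl.prune(now)
        if now >= svc.not_after or svc.serial in self.service_crl:
            return None        # block 560: deny service
        certs = [Cert(next(self._serial), "session", svc.subscription_id,
                      now + SESSION_VALIDITY, session_id=i)
                 for i in range(self.n)]
        self._live[svc.subscription_id] = certs
        return certs

    def cancel(self, svc, now):
        """Lapsed subscription: revoke at the ISP; the AP only learns of
        session certificates that could still pass a validity check."""
        self.service_crl.revoke(svc)
        for c in self._live.pop(svc.subscription_id, []):
            if c.not_after > now:
                self.ap.session_crl.revoke(c)


def simulate(days=30, cancels_per_day=10):
    """Return (ISP service-CRL length, peak AP session-CRL length)."""
    ap = AccessPoint()
    isp = ISP(ap)
    peak = 0
    for day in range(days):
        t = day * DAY
        for i in range(cancels_per_day):
            svc, _ = isp.subscribe(f"sub-{day}-{i}", t)  # constructed IDs
            isp.cancel(svc, t + HOUR)
        peak = max(peak, len(ap.session_crl))
        ap.session_crl.prune(t + DAY)
        isp.service_crl.prune(t + DAY)
    return len(isp.service_crl), peak
```

With ten cancellations a day for thirty days, the ISP's list grows to 300 entries while the AP's list never holds more than the 20 session certificates revoked that day.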

Access Point Structure

Embodiments of an AP 104 and a UT 108 of a wireless access network are now described. FIG. 4 shows an example of an AP of a wireless access network or cellular communication network suitable for implementing the present invention. The system or network includes a number of subscriber stations, also referred to as remote terminals or UTs, such as that shown in FIG. 1 as UT 108 and in detail in FIG. 5. The AP may be connected to a wide area network (WAN) or the Internet through its host DSP 31 for providing any required data services and connections external to the immediate wireless system. To support spatial diversity, a plurality of antennas 3 is used, for example four antennas, although other numbers of antennas may be selected.

A set of spatial multiplexing weights for each subscriber station are applied to the respective modulated signals to produce spatially multiplexed signals to be transmitted by the bank of four antennas. The host DSP 31 produces and maintains spatial signatures for each subscriber station for each conventional channel and calculates spatial multiplexing and demultiplexing weights using received signal measurements. In this manner, the signals from the current active subscriber stations, some of which may be active on the same conventional channel, are separated and interference and noise suppressed. When communicating from the AP to the subscriber stations, an optimized multi-lobe antenna radiation pattern tailored to the current active subscriber station connections and interference situation is created. Suitable smart antenna technologies for achieving such a spatially directed beam are described, for example, in U.S. Pat. Nos. 5,828,658, issued Oct. 27, 1998 to Ottersten et al. and 5,642,353, issued Jun. 24, 1997 to Roy, III et al. The channels used may be partitioned in any manner. In one embodiment the channels used may be partitioned as defined in the GSM (Global System for Mobile Communications) air interface, or any other time division air interface protocol, such as Digital Cellular, PCS (Personal Communication System), PHS (Personal Handyphone System) or WLL (Wireless Local Loop). Alternatively, continuous analog or CDMA channels can be used.

The outputs of the antennas are connected to a duplexer switch 7, which in a TDD embodiment, may be a time switch. Two possible implementations of the duplexer switch are as a frequency duplexer in a frequency division duplex (FDD) system, and as a time switch in a time division duplex (TDD) system. When receiving, the antenna outputs are connected via the duplexer switch to a receiver 5, and are converted down in analog by RF receiver (“RX”) modules 5 from the carrier frequency to an FM intermediate frequency (“IF”). This signal then is digitized (sampled) by analog to digital converters (“ADCs”) 9. Final down-converting to baseband is carried out digitally. Digital filters can be used to implement the down-converting and the digital filtering, the latter using finite impulse response (FIR) filtering techniques. This is shown as block 13. The invention can be adapted to suit a wide variety of RF and IF carrier frequencies and bands.

There are, in the present example, eight down-converted outputs from each antenna's digital filter 13, one per receive timeslot. The particular number of timeslots can be varied to suit network needs. While GSM uses eight uplink and eight downlink timeslots for each TDMA frame, desirable results can also be achieved with any number of TDMA timeslots for the uplink and downlink in each frame. For each of the eight receive timeslots, the four down-converted outputs from the four antennas are fed to a digital signal processor (DSP) 17 (hereinafter “timeslot processor”) for further processing, including calibration, according to one aspect of this invention. Eight Motorola DSP56300 Family DSPs can be used as timeslot processors, one per receive timeslot. The timeslot processors 17 monitor the received signal power and estimate the frequency offset and time alignment. They also determine smart antenna weights for each antenna element. These are used in the SDMA scheme to determine a signal from a particular remote user and to demodulate the determined signal.

The output of the timeslot processors 17 is demodulated burst data for each of the eight receive timeslots. This data is sent to the host DSP processor 31 whose main function is to control all elements of the system and interface with the higher level processing, which is the processing which deals with what signals are required for communications in all the different control and service communication channels defined in the system's communication protocol. The host DSP 31 can be a Motorola DSP56300 Family DSP. In addition, timeslot processors send the determined receive weights for each UT to the host DSP 31. The host DSP 31 maintains state and timing information, receives uplink burst data from the timeslot processors 17, and programs the timeslot processors 17. In addition it decrypts, descrambles, checks error correcting code, and deconstructs bursts of the uplink signals, then formats the uplink signals to be sent for higher level processing in other parts of the AP. Furthermore DSP 31 may include a memory element to store data, instructions, or hopping functions or sequences. Alternatively, the AP may have a separate memory element or have access to an auxiliary memory element. With respect to the other parts of the AP it formats service data and traffic data for further higher processing in the AP, receives downlink messages and traffic data from the other parts of the AP, processes the downlink bursts and formats and sends the downlink bursts to a transmit controller/modulator, shown as 37. The host DSP also manages programming of other components of the AP including the transmit controller/modulator 37 and the RF timing controller shown as 33.

The RF timing controller 33 interfaces with the RF system, shown as block 45 and also produces a number of timing signals that are used by both the RF system and the modem. The RF controller 33 reads and transmits power monitoring and control values, controls the duplexer 7 and receives timing parameters and other settings for each burst from the host DSP 31.

The transmit controller/modulator 37 receives transmit data from the host DSP 31. The transmit controller uses this data to produce analog IF outputs which are sent to the RF transmitter (TX) modules 35. Specifically, the received data bits are converted into a complex modulated signal, up-converted to an IF frequency, sampled, multiplied by transmit weights obtained from host DSP 31, and converted via digital to analog converters (“DACs”) which are part of transmit controller/modulator 37 to analog transmit waveforms. The analog waveforms are sent to the transmit modules 35. The transmit modules 35 up-convert the signals to the transmission frequency and amplify the signals. The amplified transmission signal outputs are sent to antennas 3 via the duplexer/time switch 7.

User Terminal Structure

FIG. 5 depicts an example component arrangement in a UT that provides data or voice communication. The user terminal's antenna 45 is connected to a duplexer 46 to permit the antenna 45 to be used for both transmission and reception. The antenna can be omni-directional or directional. For optimal performance, the antenna can be made up of multiple elements and employ spatial processing as discussed above for the AP. In an alternate embodiment, separate receive and transmit antennas are used eliminating the need for the duplexer 46. In another alternate embodiment, where time division duplexing is used, a transmit/receive (TR) switch can be used instead of a duplexer as is well known in the art. The duplexer output 47 serves as input to a receiver 48. The receiver 48 produces a down-converted signal 49, which is the input to a demodulator 51. A demodulated received sound or voice signal 67 is input to a speaker 66.

The user terminal has a corresponding transmit chain in which data or voice to be transmitted is modulated in a modulator 57. The modulated signal to be transmitted 59, output by the modulator 57, is up-converted and amplified by a transmitter 60, producing a transmitter output signal 61. The transmitter output 61 is then input to the duplexer 46 for transmission by the antenna 45.

The demodulated received data 52 is supplied to a user terminal central processing unit 68 (CPU) as is received data before demodulation 50. The user terminal CPU 68 can be implemented with a standard DSP (digital signal processor) device such as a Motorola series 56300 Family DSP. This DSP can also perform the functions of the demodulator 51 and the modulator 57. The user terminal CPU 68 controls the receiver through line 63, the transmitter through line 62, the demodulator through line 52 and the modulator through line 58. It also communicates with a keyboard 53 through line 54 and a display 56 through line 55. A microphone 64 and speaker 66 are connected through the modulator 57 and the demodulator 51 through lines 65 and 66, respectively for a voice communications user terminal. In another embodiment, the microphone and speaker are also in direct communication with the CPU to provide voice or data communications. Furthermore user terminal CPU 68 may also include a memory element to store data, instructions, and hopping functions or sequences. Alternatively, the user terminal may have a separate memory element or have access to an auxiliary memory element.

In one embodiment, the speaker 66, and the microphone 64 are replaced or augmented by digital interfaces well-known in the art that allow data to be transmitted to and from an external data processing device (for example, a computer). In one embodiment, the user terminal's CPU is coupled to a standard digital interface such as a PCMCIA interface to an external computer and the display, keyboard, microphone and speaker are a part of the external computer. The user terminal's CPU 68 communicates with these components through the digital interface and the external computer's controller. For data only communications, the microphone and speaker can be deleted. For voice only communications, the keyboard and display can be deleted.

General Matters

In the description above, for the purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced without some of these specific details. In other instances, well-known structures and devices are shown in block diagram form.

The present invention includes various steps. The steps of the present invention may be performed by hardware components, such as those shown in FIGS. 4 and 5, or may be embodied in machine-executable instructions, which may be used to cause a general-purpose or special-purpose processor or logic circuits programmed with the instructions to perform the steps. Alternatively, the steps may be performed by a combination of hardware and software. The steps have been described as being performed by either the AP or the UT. However, many of the steps described as being performed by the AP may be performed by the UT and vice versa. Furthermore, the invention is equally applicable to systems in which terminals communicate with each other without either one being designated as an AP, a UT, a user terminal or a subscriber station. Thus, the present invention is equally applicable and useful in a peer-to-peer wireless network of communications devices. In such a network, during the execution of the authentication protocol the devices would take turns acting in the manner of the UT and the AP described above. These devices may be cellular phones, PDAs, laptop computers, or any other wireless devices. Generally, since both the APs and the UTs use radio waves, they are sometimes referred to as radios.

In portions of the description above, only the AP is described as performing spatial processing using an antenna array. However, the UTs can also contain antenna arrays, and can also perform spatial processing both on receiving and transmitting (uplink and downlink) within the scope of the present invention.

Embodiments of the present invention may be provided as a computer program product, which may include a machine-readable medium having stored thereon instructions, which may be used to program a computer (or other electronic devices) to perform a process according to the present invention. The machine-readable medium may include, but is not limited to, floppy diskettes, optical disks, CD-ROMs, and magneto-optical disks, ROMs, RAMs, EPROMs, EEPROMs, magnetic or optical cards, flash memory, or other type of media/machine-readable medium suitable for storing electronic instructions. Moreover, the present invention may also be downloaded as a computer program product, wherein the program may be transferred from a remote computer to a requesting computer by way of data signals embodied in a carrier wave or other propagation medium via a communication link (e.g., a modem or network connection).

Many of the methods and calculations are described in their most basic form, but steps can be added to or deleted from any of the methods and information can be added or subtracted from any of the described message signals without departing from the basic scope of the present invention. It will be apparent to those skilled in the art that many further modifications and adaptations can be made. The particular embodiments are not provided to limit the invention but to illustrate it. The scope of the present invention is not to be determined by the specific examples provided above but only by the claims below.

It should also be appreciated that reference throughout this specification to “one embodiment” or “an embodiment” means that a particular feature may be included in the practice of the invention. Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the Detailed Description are hereby expressly incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of this invention.

1. A method comprising: receiving a subscription request at an Internet Service Provider (ISP) from a user terminal through an access point of an access network; assigning a subscription identifier to the user terminal at the ISP in response to the subscription request; generating at the ISP a service certificate signed by a certificate authority and that includes the subscription identifier to identify a subscription of the user terminal with the ISP; adding the service certificate to a certificate revocation list (CRL) maintained by the ISP; receiving the service certificate from the user terminal at the ISP; checking the service certificate against the certificate revocation list (CRL) maintained by the ISP; and providing from the ISP, to the user terminal, if the service certificate is valid, a session certificate to be used to access the access network through the access point, the session certificate having a shorter validity period than the service certificate.
2. The method of claim 1, wherein receiving the service certificate comprises receiving the service certificate through the access point being used by a user terminal to access the access network.
3. The method of claim 2, wherein checking the service certificate comprises searching a certificate revocation list at the ISP.
4. The method of claim 1, wherein the session certificate is associated with a link-level session available to the user terminal.
5. The method of claim 1, wherein the link-level session comprises a PPP session.
6. A method comprising: receiving a digital certificate at an access point of an access network from a user terminal seeking access to the access network, the digital certificate to be used to authenticate the user terminal; determining, at the access point, a type of the digital certificate; if the certificate is a session certificate, then determining the validity of the digital certificate by searching a certificate revocation list (CRL) at the access point that is associated with session certificates; and if the certificate is a service certificate, then sending the certificate to an Internet Service Provider (ISP) to determine the validity of the certificate.
7. The method of claim 6, wherein determining the type of the digital certificate comprises determining the length of the digital certificate.
8. The method of claim 6, wherein the validity periods of session certificates is shorter than the validity periods of service certificates.
9. The method of claim 8, wherein the CRL associated with session certificates is shorter than the CRL associated with service certificates.
10. A user terminal capable of communicating with an access network, the user terminal comprising: a memory to store: a service certificate issued by an Internet Service Provider (“ISP”) and signed by a certificate authority, the service certificate having a first validity period, the service certificate corresponding with a subscription of the user terminal with the ISP and including a subscription identifier, the service certificate to be used by the access network to authenticate the user terminal with the ISP; and a session certificate issued by the ISP and signed by the certificate authority, the session certificate having a second validity period that is shorter in duration than the first validity period, the session certificate corresponding with a session subscribed to by the user terminal and to be used by the access network to authenticate the user terminal to an access point of the access network.
11. The user terminal of claim 10, wherein the session comprises a link-level session.
12. The user terminal of claim 11, wherein the link-level session comprises a PPP session.
13. A machine-readable storage medium having stored thereon data representing instructions that, when executed by a processor of an Internet Service Provider (“ISP”), cause the processor to perform operations comprising: receiving a subscription request at an Internet Service Provider (ISP) from a user terminal through an access point of an access network; assigning a subscription identifier to the user terminal at the ISP in response to the subscription request; generating at the ISP a service certificate signed by a certificate authority and that includes the subscription identifier to identify a subscription of the user terminal with the ISP; adding the service certificate to a certificate revocation list (CRL) maintained by the ISP; receiving the service certificate from the user terminal at the ISP; checking the service certificate against the certificate revocation list (CRL) maintained by the ISP; and providing from the ISP, to the user terminal, if the service certificate is valid, a session certificate to be used to access the access network through the access point, the session certificate having a shorter validity period than the service certificate.
14. The machine-readable storage medium of claim 13, wherein receiving the service certificate comprises receiving the service certificate through the access point being used by a user terminal to access the access network.
15. The machine-readable storage medium of claim 14, wherein checking the service certificate comprises searching a certificate revocation list.
16. The machine-readable storage medium of claim 13, wherein the session certificate is associated with a link-level session available to the user terminal.
17. The machine-readable storage medium of claim 13, wherein the link-level session comprises a PPP session.
18. The method of claim 1, wherein the service certificate further includes an indication of a grade of service granted to the user terminal for the subscription.
19. The user terminal of claim 10, wherein the service certificate is authenticated by the ISP and the session certificate is authenticated at the access point.
20. The user terminal of claim 19, wherein the service certificate is authenticated using a certificate revocation list (CRL) maintained by the ISP and the session certificate is authenticated using a CRL maintained by the access point.
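
The split of revocation checking recited in claims 1 and 6 can be modelled in a few lines. The sketch below is an added illustration, not code from the patent: the class and method names are hypothetical, the certificate carries an explicit type field rather than being typed by length as in claim 7, signature verification is assumed to have happened already, and dropping expired entries from the access point's list is standard CRL practice assumed here to explain why short validity periods keep that list short.

```python
from dataclasses import dataclass

SERVICE, SESSION = "service", "session"

@dataclass(frozen=True)
class Cert:
    serial: int
    kind: str             # assumption: explicit type field (claim 7 infers type from length)
    subscription_id: str
    not_after: int        # expiry on a simulated clock, in seconds

class ISP:
    """Issues both certificate kinds and keeps the CRL for service certificates."""
    def __init__(self, session_lifetime):
        self.session_lifetime = session_lifetime
        self.service_crl = set()      # serials of revoked service certificates
        self._serial = 0

    def _new(self, kind, sub_id, not_after):
        self._serial += 1
        return Cert(self._serial, kind, sub_id, not_after)

    def issue_service(self, sub_id, now, lifetime):
        return self._new(SERVICE, sub_id, now + lifetime)

    def service_valid(self, cert, now):
        return (cert.kind == SERVICE and now < cert.not_after
                and cert.serial not in self.service_crl)

    def issue_session(self, service_cert, now):
        # A session certificate is only handed out against a valid service certificate.
        if not self.service_valid(service_cert, now):
            return None
        return self._new(SESSION, service_cert.subscription_id,
                         now + self.session_lifetime)

class AccessPoint:
    """Checks session certificates locally; defers service certificates to the ISP."""
    def __init__(self, isp):
        self.isp = isp
        self.session_crl = {}         # serial -> not_after of revoked session certs

    def revoke_session(self, cert):
        self.session_crl[cert.serial] = cert.not_after

    def prune(self, now):
        # Expired certificates fail the validity-period check anyway, so their
        # CRL entries can be dropped; short lifetimes keep this list short.
        self.session_crl = {s: e for s, e in self.session_crl.items() if e > now}

    def admit(self, cert, now):
        if cert.kind == SESSION:
            return now < cert.not_after and cert.serial not in self.session_crl
        if cert.kind == SERVICE:
            return self.isp.service_valid(cert, now)
        return False
```
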